Search

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere LDAP Server ID = "3" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager Server ID =

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive

\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.URL}" HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2

" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server ID = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of certain vulnerabilities. Arrival

This spyware attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the

Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere LDAP Server ID = "3" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager Server ID = "4

\Windows\smss.exe" -agent 2 "%System%\cmd.exe" /C net stop "Acronis VSS Provider" /y "%System%\cmd.exe" /C net stop "Enterprise Client Service" /y "%System%\cmd.exe" /C net stop "SQL Backups" /y "%System%

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\VeriSign LDAP Server ID = "2" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\WhoWhere LDAP Server ID = "3

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF file to automatically

HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA PUBLIC KEY} " HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2

" "shell_scripts/check_if_cscript_is_working.js" cscript "shell_scripts/check_if_cscript_is_working.js" "%System%\PING.EXE" 8.8.8.8 -n 2 -w 500 ping 8.8.8.8 -n 2 -w 500 "%System%\cscript.exe" shell_scripts/shell_ping_after_close.js "http://i-50.

This Coinminer may be dropped by other malware. Arrival Details This Coinminer may be dropped by the following malware: Trojan.VBS.MALXMR.THEBIBO Installation This Coinminer adds the following

This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This file infector arrives on a

" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER

\ Windows\CurrentVersion\Setup LogLevel = "2" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Setup LogLevel = "0" It modifies the following registry entries: HKEY_CURRENT_USER\Software

"SQL Backups" MSSQL$PROD "Zoolz 2 Service" MSSQLServerADHelper SQLAgent$PROD msftesql$PROD NetMsmqActivator EhttpSrv ekrn ESHASRV MSSQL$SOPHOS SQLAgent$SOPHOS AVP klnagent MSSQL$SQLEXPRESS SQLAgent